Re: [tcpdump-workers] packets captured with pcap_open_live("any",

Linux cooked capture; aka SLL. It's a way of dealing with possible differences in the link layer across 'any' (i.e., all) devices. I think the code you want to look at is in pcap-linux.c . 2009/11/16 d00fy > hi all, recently I captured packets from ethernet with libpcap, I found out > that pac

[tcpdump-workers] Endace DAG w/ tcpdump and libpcap

ns written to access the DAG card via the libpcap wrapper ? rh - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] local timestamp recovery of .cap files

On Fri, May 15, 2009 at 2:20 PM, Guy Harris wrote: > > On May 15, 2009, at 12:43 AM, Jefferson Ogata wrote: > > This has come up before, back when we were talking about the NG format. >> I guess I got confused by the current context; if pcap files are >> natively UTC (which I had thought they we

[tcpdump-workers] [Q] random loss on capture

Relative newbie, with a theoretical question I would like to understand the answer to. Given: More than one pcaplib app running on a host, and the interface in promiscuous mode. What factors (incoming packet rate, NIC or TCP buffer overflow, etc.) would create a condition where the pcaplib

Re: [tcpdump-workers] forcing pcap_loop() failures

After playing around with this for a while, the solution I've used is to open two pcap_t * handles, set them non-blocking, and then call pcap_dispatch() on each of them within a while(1) loop. This sucks for (at least) two reasons: First, it's basically brain-dead and a CPU hog. Second, for

Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client

- Original Message - From: "Jefferson Ogata" <[EMAIL PROTECTED]> To: Sent: Tuesday, October 04, 2005 7:40 PM Subject: Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client > On 10/03/2005 04:56 PM, rh wrote: > > I'm using libnet 1.1.

Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client

- Original Message - From: "Guy Harris" <[EMAIL PROTECTED]> To: Sent: Monday, October 03, 2005 10:49 PM Subject: Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client > rh wrote: > > > Sounds like it's unavoidable. libnet and libpcap see

Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client

- Original Message - From: "Guy Harris" <[EMAIL PROTECTED]> To: Sent: Monday, October 03, 2005 6:49 PM Subject: Re: [tcpdump-workers] pcap: prob w/libnet making raw socket client > rh wrote: > > I'm using libnet 1.1.1 and pcaplib 0.8.3 (I believe). >

[tcpdump-workers] pcap: prob w/libnet making raw socket client

I'll post here anything I find separately as well if there's interest. rh - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.